Thursday, January 14, 2016

Get your Cyber-Security Freak On - What I Am Reading 1/14/2016

This course provides a one-semester overview of
information security. It is designed to help students with prior
computer and programming knowledge — both undergraduate and graduate —
understand this important priority in society today. The technical
content of the course gives a broad overview of essential concepts and
methods for providing and evaluating security in information processing
systems (operating systems and applications, networks, protocols, and so
on).

In addition to its technical content, the course touches on the
importance of management and administration, the place information
security holds in overall business risk, social issues such as
individual privacy, and the role of public policy.

For those who aren't aware, Udacity and Georgia Tech partnered a couple of years ago to offer an online Master's degree in Computer Science. This course is part of that track. Looking at the syllabus, it appears to be a pretty comprehensive course, designed to last 6 months at 6 hours / week. Recommended prerequisites are undergrad courses in computer networking, operating systems (I assume they mean the theory courses and not something like how to use Windows), programming experience and Linear Algebra and Discrete Mathematics. I haven't taken the course, but it appears it may be a cut above the usual Security+ / CISSP courses being repackaged and put out online. The textbook is definitely a serious academic-type book: Computer Security: Principles and Practice (3rd Edition). So why, you (the imaginary voices in my head) ask, did you just spend so much time on this? Well, honestly, this course probably isn't for everyone - it probably isn't even for me, given that it requires literacy and some ability to use critical thought - but on the other hand it is exciting to see stuff like this out there, so I pointed it out.

The point is that normalization of deviance is a gradual process that
leads to a situation where unacceptable practices or standards become
acceptable, and flagrant violations of procedure become normal --
despite the fact that everyone involved knows better.

Schneier points to several indicators of a developing culture of deviance. In my opinion the indicators are so general as to be useless. Basically any organization will display all of them to some degree. My opinion - this type of situation is a problem, but it is entirely self-inflicted. If rules interfere with accomplishing needed work, the rules will be ignored. Once one is ignored it is a cascading effect - "Well we aren't doing A so we don't need to do B." The two choices are to strictly enforce adherence to all the rules and suffer the consequences, or to tailor the rules to the work. The second option will be more successful, again my opinion. It also requires some courage, as many rules are driven by regulatory regimes that aren't 100% applicable and are put in place solely as a wink and nod to auditors. Stopping that practice will be almost impossible as long as such regimes exist.
